What extra data is in MAC address field of an Event Log message?

Michael234 · October 10, 2017, 8:03am

This screen shot shows three messages triggered by an outbound DENY firewall rule.

The MAC address field includes the MAC address of the device, but it also includes extra data. What is that extra data?

The MAC address of the device is in the middle of the MAC field. You can see the MAC of the device in the first two messages, where it was assigned an IP address.The router is a Surf SOHO running firmware 7.0.2.

sitloongs · October 10, 2017, 6:45pm

@Michael234

Let put a example for the log given :

MAC=00:1a:dd:f9:8a:a0:88:d7:f6:4d:8a:3a:08:00

Destination MAC: 00:1a:dd:f9:8a:a0 (MAC address for SOHO LAN)
Source MAC: 88:d7:f6:4d:8a:3a (MAC address for Client)
Protocol Type: 08:00 (Ethernet frame carried an IPv4 datagram)

Michael234 · October 11, 2017, 6:44am

Thank you.